Skip to main content

Suggested answer May 2018 - ISCA

Hello everyone, welcome to my blog, the following are my suggested answers for ISCA May 2018 exam. YouTube Channel: youtube.com/c/AnalyseWithAjmerDin

1.A.

BUSINESS APPLICATIONS OF EXPERT SYSTEMS 
  1. ACCOUNTING AND FINANCE - It provides TAX ADVICE AND ASSISTANCE, helping with credit- authorization decisions, selecting forecasting models, providing investment advice.
  2. MARKETING - It provides establishing SALES QUOTAS, responding to customer inquiries, referring problems to telemarketing centres, assisting with marketing timing decisions, determining discount policies.
  3. MANUFACTURING - It helps in determining whether a process is running correctly, analysing quality and providing corrective measures, maintaining facilities, SCHEDULING JOB-SHOP TASKS, selecting transportation routes, assisting with product design and faculty layouts.
  4. PERSONNEL/HUMAN RESOURCE - It is useful in assessing applicant qualifications and assisting employees in filling out forms.
  5. GENERAL BUSINESS - It helps in assisting with project proposals, recommending acquisition strategies, educating trainees, and evaluating performance.

1.B

To operate Information Systems (IS) effectively and efficiently a business MANAGER SHOULD HAVE FOLLOWING KNOWLEDGE ABOUT it:
  • FOUNDATION CONCEPTS — it includes fundamental business, and managerial concepts e.g. `what are components of a system and their functions', or 'what competitive strategies are required'. 
  • INFORMATION TECHNOLOGIES (IT) — it includes operation, development and management of hardware, software, data management, networks, and other technologies.
  • BUSINESS APPLICATIONS — it includes major uses of IT in business steps i.e. processes, operations, decision making, and strategic/competitive advantage.
  • DEVELOPMENT PROCESSES — it comprise how end users and IS specialists develop and execute business/IT solutions to problems.

1.C

INTERNAL CONTROLS AS PER C0S0: In a computerised environment, the goals of asset safeguarding, data integrity, system efficiency and system effectiveness can be achieved only if an organization's management sets up a system of internal controls. According to COSO, Internal Control is comprised of five interrelated components:

CONTROL ENVIRONMENT: This includes the elements that establish the control context in which specific accounting systems and control procedures must operate. 
  • The control environment is manifested in management's operating style, the ways authority and responsibility are assigned, the functional method of the audit committee, the methods used to plan and monitor performance and so on. 
  • For each business process, an organization needs to develop and maintain a control environment including categorizing the criticality and materiality of each business process, plus the owners of the business process.
RISK ASSESSMENT: This includes the elements that identify and analyse the risks faced by an organisation and the way the risk can be managed. 
  • Both external and internal auditors are concerned with errors or irregularities that cause material losses to an organisation. Each business process comes with various risks. 
  • A control environment must include an assessment of the risks associated with each business process.

CONTROL ACTIVITIES: This includes the elements that operate to ensure transactions are authorized, duties are segregated, adequate documents and records are maintained, assets and records are safeguarded, and independent checks on performance and valuation of records. 

  • These are called accounting controls. Internal auditors are also concerned with administrative controls to achieve effectiveness and efficiency objectives. Control activities must be developed to manage, mitigate, and reduce the risks associated with each business process. It is unrealistic to expect to eliminate risks completely.

INFORMATION AND COMMUNICATION: These are the elements, in which information is identified, captured and exchanged in a timely and appropriate form to allow personnel to discharge their responsibilities. These are associated with control activities regarding information and communication systems of the entity that acts as one of the component of internal accounting system. These enable an organization to capture and exchange the information needed to conduct, manage, and control its business processes. 

MONITORING: The internal control process must be continuously monitored with modifications made as warranted by changing conditions. This includes the elements that ensure internal controls operate reliably over time. The best internal controls are worthless if the company does not monitor them and make changes when they are not working.

1.D 

Post Implementation Review: It examines the efficacy of all elements of the working business solution to see if further improvements can be made to optimize the benefit delivered. A Post-Implementation Review should be scheduled some time after the solution has been deployed.

Methods of collection and evaluation of data :Questionnaire, Interview, Document review

Typical evaluations include the following:
  • Development Evaluation: Evaluation of the development process is primarily concerned with whether the system was developed on schedule and within budget. It requires schedules and budgets to be established in advance and that record of actual performance and cost be maintained. However, it may be noted that very few information systems have been developed on schedule and within budget. In fact, many information systems are developed without clearly defined schedules or budgets. Due to the uncertainty and mystique associated with system development, they are not subjected to traditional management control procedures.
  • Operational Evaluation: The evaluation of the information system's operation pertains to whether the hardware, software and personnel are capable to perform their duties. It tries to answer the questions related to functional aspects of the system. Such an evaluation is relatively straightforward if evaluation criteria are established in advance. For Example: if the systems analyst lays down the criterion that a system, which is capable of supporting one hundred terminals should give response time of less than two seconds, evaluation of this aspect of system operation can be done easily after the system becomes operational.
  • Information Evaluation: An information system should also be evaluated in terms of information it provides or generates. This aspect of system evaluation is difficult and it cannot be conducted in a quantitative manner, as is the case with development and operational evaluations. The objective of an information system is to provide information to a considerable extent to support the organizational decision system. Therefore, the extent to which information provided by the system is supportive to decision making is the area of concern in evaluating the system.

2.A

After accepting an engagement, the pre-audit survey is more important, as in this survey auditor has official access to client records and data. 

The purpose of this survey shall help auditor to assess the audit schedules, audit team size, and audit team components.

Different audit organizations go about IS auditing in different ways and individual auditors have their own favourite ways of working. However, it can be categorized into six stages as shown in Figure below. 

  1. SCOPING AND PRE-AUDIT SURVEY: Auditors determine the main areas of focus and any areas that are explicitly out-of-scope, based on the scope-definitions agreed with management. Information sources at this stage include background reading and web browsing, previous audit reports, pre audit interview, observations and, sometimes, subjective impressions that simply deserve further investigation.
  2. PLANNING AND PREPARATION: During which the scope is broken down into greater levels of detail, usually involving the generation of an audit work plan or risk-control-matrix.
  3. iii. FIELDWORK: This step involves gathering of evidence by interviewing staff and managers, reviewing documents, and observing processes etc.
  4. ANALYSIS: This step involves desperately sorting out, reviewing and trying to make sense of all that evidence gathered earlier. SWOT (Strengths, Weaknesses, Opportunities, and Threats) or PEST (Political, Economic, Social, and Technological) techniques can be used for analysis.
  5. REPORTING: Reporting to the management is done after analysis of evidence is gathered and analysed.
  6. CLOSURE: Closure involves preparing notes for future audits and follow up with management to complete the actions they promised after previous audits. Analysis and reporting may involve the use of automated data analysis tools such as ACL or IDEA, if not Excel, Access and hand-crafted SQL queries. Automated system security analysis, configuration or vulnerability management and security benchmarking tools are also used for reviewing security parameters, and the basic security management functions that are built-in to modern systems can help with log analysis, reviewing user access rights etc.

2.B

REMOTE AND DISTRIBUTED DATA PROCESSING APPLICATIONS CAN BE CONTROLLED IN MANY WAYS. 
Some of these are given as follows:
  1. Remote access to computer and data files through the network should be implemented.
  2. Having a terminal lock can assure physical security to some extent.
  3. Applications that can be remotely accessed via modems and other devices should be controlled appropriately.
  4. Terminal and computer operations at remote locations should be monitored carefully and frequently for violations.
  5. In order to prevent the unauthorized user's access to the system, there should be proper control mechanisms over system documentation and manuals.
  6. Data transmission over remote locations should be controlled. The location which sends data should attach needed control information that helps the receiving location to verify the genuineness and integrity.
  7. When replicated copies of files exist at multiple locations it must be ensured that all are identical copies contain the same information and checks are also done to ensure that duplicate data does not exist.

2.C

An audit or self-assessment of the enterprise's BCM program should verify that: 
  • All key products and services and their supporting critical activities and resources have been identified and included in the enterprise's BCM strategy; 
  • The enterprise's BCM policy, strategies, framework and plans accurately reflect its priorities and requirements (the enterprise's objectives); 
  • The enterprise' BCM competence and its BCM capability are effective and fit-for-purpose and will permit management, command, control and coordination of an incident; 
  • The enterprise's BCM solutions are effective, up-to-date and fit-for-purpose, and appropriate to the level of risk faced by the enterprise; 
  • The enterprise's BCM maintenance and exercising programs have been effectively implemented;
  • BCM strategies and plans incorporate improvements identified during incidents and exercises and in the maintenance program;
  • The enterprise has an ongoing program for BCM training and awareness;
  • BCM procedures have been effectively communicated to relevant staff, and that those staff understand their roles and responsibilities; and 
  • Change control processes are in place and operate effectively.

3.A

Benefits of COBIT 5 are as follows:
  1. Can be implemented in all sizes of enterprises.
  2. Supports compliance with relevant laws, regulations, contractual agreements and policies.
  3. Helps enterprises 
    1. to manage IT related risk and ensures compliance, continuity, security and privacy.
    2. to create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
  4. Enables:
    1. Enterprises in achieving their objectives for the governance and management of enterprise IT. 
    2. IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT related interests of internal and external stakeholders. 
    3. Clear policy development and good practice for IT management including increased business user satisfaction.

3.B

INTEGRATED TEST FACILITY (ITF): The ITF technique involves the creation of a dummy entity in the application system files and the processing of audit test data against the entity as a means of verifying processing authenticity, accuracy, and completeness. This test data would be included with the normal production data used as input to the application system. In such cases the auditor has to decide what would be the method to be used to enter test data and the methodology for removal of the effects of the ITF transactions.

METHODS OF ENTERING TEST DATA: The transactions to be tested have to be tagged. 
The application system has to be programmed to recognize the tagged transactions and have them invoke two updates, one to the application system master file record and one to the ITF dummy entity. 

Auditors can also embed audit software modules in the application system programs to recognize transactions having certain characteristics as ITF transactions. 
Tagging live transactions as ITF transactions has the advantages of ease of use and testing with transactions representative of normal system processing. 

However, use of live data could mean that the limiting conditions within the system are not tested and embedded modules may interfere with the production processing. Preparation of the test data could be time consuming and costly.

METHODS OF REMOVING THE EFFECTS OF ITF TRANSACTIONS: The presence of ITF transactions within an application system affects the output results obtained. 
The effects of these transactions have to be removed. The application system may be programmed to recognize ITF transactions and to ignore them in terms of any processing that might affect users. 
Another method would be the removal of effects of ITF transactions by submitting additional inputs that reverse the effects of the ITF transactions. Another less used approach is to submit trivial entries so that the effects of the ITF transactions on the output are minimal.

3.C

COMPENSATION FOR FAILURE TO PROTECT DATA 

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. 

Explanation-

For the purposes of this section -
i. "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;

ii. "reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;

"sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.

Penalty for failure to furnish information, return, etc.-

If any person who is required under this Act or any rules or regulations made thereunder to-
furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

file any return or furnish any information, books or other documents within the time specified therefor in the regulations fails to file return or furnish the same within the time specified therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues;

maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

4.A

Key Management Practices for implementing Risk Management are given as follows: 
  • COLLECT DATA: Identify and collect relevant data to enable effective IT related risk identification, analysis and reporting.
  • ANALYSE RISK: Develop useful information to support risk decisions that take into account the business relevance of risk factors
  • MAINTAIN A RISK PROFILE: Maintain an inventory of known risks and risk attributes, including expected frequency, potential impact, and responses, and of related resources, capabilities, and current control activities.
  • DEFINE A RISK MANAGEMENT ACTION PORTFOLIO: Manage opportunities and reduce risk to an acceptable level as a portfolio.
  • RESPOND TO RISK: Respond in a timely manner with effective measures to limit the magnitude of loss from IT related events.
  • ARTICULATE RISK: Provide information on the current state of IT- related exposures and opportunities in a timely manner to all required stakeholders for appropriate response.

4.B

OPERATIONAL LAYER: The operational layer audit issues include:

  1. USER ACCOUNTS AND ACCESS RIGHTS: This includes defining unique user accounts and providing them access rights appropriate to their roles and responsibilities. Auditor needs to always ensure the use of unique user IDs, and these need to be traceable to individual for whom created. In case, guest IDs are used then test of same should also be there. Likewise, vendor accounts and third-party accounts should be reviewed. In essence, users and applications should be uniquely identifiable. 
  2. PASSWORD CONTROLS: In general, password strength, password minimum length, password age, password non-repetition and automated lockout after three attempts should be set as a minimum. Auditor needs to check whether there are applications where password controls are weak. In case such instances are found, then auditor may look for compensating controls against such issues.
  3. SEGREGATION OF DUTIES: As frauds due to collusions / lack of segregations increase across the world, importance of the Segregation of Duties also increases. Segregation of duties is a basic internal control that prevents or detects errors and irregularities by assigning to separate individuals' responsibility for initiating and recording transactions and custody of assets to separate individuals. 

Example to illustrate:
i. Record keeper of asset must not be asset keeper. 
ii. Cashier who creates a cash voucher in system, must not have right to authorize payments.
iii. Maker must not be checker. 
Auditor needs to check that there is no violation of above principle. Any violation may have serious repercussions, the same need to be immediately communicated to those charged with governance.

4.C

ADVANTAGES 
Restores are fast and easy to manage as the entire list of files and folders are in one backup set.
Easy to maintain and restore different versions. 

DISADVANTAGES 
Backups can take very long as each file is backed up again every time the full backup is run. 
Consumes the most storage space compared to incremental and differential backups. The exact same files are stored repeatedly resulting in inefficient use of storage.

5.A

Major data integrity policies are given as under:
  1. VIRUS-SIGNATURE UPDATING: Virus signatures must be updated automatically when they are made available from the vendor through enabling of automatic updates. 
  2. SOFTWARE TESTING: All software must be tested in a suitable test environment before installation on production systems.
  3. DIVISION OF ENVIRONMENTS: The division of environments into Development, Test, and Production is required for critical systems.
  4. OFFSITE BACKUP STORAGE: Backups older than one month must be sent offsite for permanent storage.
  5. QUARTER-END AND YEAR-END BACKUPS: Quarter-end and year-end backups must be done separately from the normal schedule, for accounting purposes 
  6. DISASTER RECOVERY: A comprehensive disaster-recovery plan must be used to ensure continuity of the corporate business in the event of an outage.

5.B.

Mobile Computing refers to the technology that allows transmission of data via a computer without having to be connected to a fixed physical link. 

Mobile voice communication is widely established throughout the world and has had a very rapid increase in the number of subscribers to the various cellular networks over the last few years. 
An extension of this technology is the ability to send and receive data across these cellular networks. 

This is the fundamental principle of mobile computing. 

Mobile data communication has become a very important and rapidly evolving technology as it allows users to transmit data from remote locations to other remote or fixed locations. 
This proves to be the solution of the biggest problem of business people on the move i.e. mobility.

The key components of Mobile Computing are as follows: 

a. MOBILE COMMUNICATION: This refers to the infrastructure put in place to ensure that seamless and reliable communication goes on. 

This would include communication properties, protocols, data formats and concrete technologies.

b. MOBILE HARDWARE: This includes mobile devices or device components that receive or access the service of mobility. They would range from Portable laptops, Smart Phones, Tablet PCs, and Personal Digital Assistants (PDA) that use an existing and established network to operate on. 

c. MOBILE SOFTWARE: Mobile Software is the actual programme that runs on the mobile hardware and deals with the characteristics and requirements of mobile applications. 

Mobile applications popularly called Apps are being developed by organizations for use by customers but these apps could represent risks, in terms of flow of data as well as personal identification risks, introduction of malware and access to personal information of mobile owner.

5.C

The following considerations are valid for both acquisition of hardware and software:
  1. Vendor Selection: This step is a critical step for success of process of acquisition of systems. It is necessary to remember that vendor selection is to be done prior to sending RFP. The result of this process is that `RFP are sent only to selected vendors'. For vendor selection, following things are kept in mind including the background and location advantage of the vendor, the financial stability of vendor, the market feedback of vendor performance, in terms of price, services etc. 
  2. Geographical Location of Vendor: The issue to look for whether the vendor has local support persons. Otherwise, the proposals submitted by vendor not as per RFP requirements need to rejected, with no further discussion on such rejected proposals. This stage may be referred to as 'technical validation', that is to check the proposals submitted by vendors, are technically complying with RFP requirements.
  3. Presentation by Selected Vendors: All vendors, whose proposals are accepted after "technical validation", are allowed to make presentation to the System Acquisition Team. The team evaluates the vendor's proposals by using techniques.
  4. Evaluation of Users Feedback: The best way to understand the vendor systems is to analyse the feedback from present users. Present users can provide valuable feedback on system, operations, problems, vendor response to support calls. 

Besides these, some specific considerations for hardware and software acquisition are described as follows: 
  1. The benchmark tests to be done for proposed machine. For hardware's, there are specified standard benchmark tests defined based on the nature of hardware. These need to be applied to proposed equipment.
  2. Software considerations that can be current applications programs or new programs that have been designed to represent planned processing needs.
  3. The benchmarking problems are oriented towards testing whether a computer offered by the vendor meets the requirements of the job on hand of the buyer.
  4. The benchmarking problems would then comprise long jobs, short jobs, printing jobs, disk jobs, mathematical problems, input and output loads etc., in proportion typical of the job mix.
  5. If the job is truly represented by the selected benchmarking problems, then this approach can provide a realistic and tangible basis for comparing all vendors' proposals. 
  6. Tests should enable buyer to effectively evaluate cross performance of various systems in terms of hardware performance (CPU and input/output units), compiler language and operating system capabilities, diagnostic messages, ability to deal with certain types of data structures and effectiveness of software utilities.
  7. Benchmarking problems, however, suffer from a couple of disadvantages. It takes considerable time and efforts to select problems representative of the job mix which itself must be precisely defined. It also requires the existence of operational hardware, software and services of systems. Nevertheless, this approach is very popular because it can test the functioning of vendors' proposal. The manager can extrapolate in the light of the results of benchmarking problems, the performance of the vendors' proposals on the entire job mix.

6.A

AUDIT OF ENVIRONMENTAL CONTROLS: Audit of environmental controls requires the IS auditor to conduct physical inspections and observe practices. The Auditor should verify that:

  1. THE IPF (INFRASTRUCTURE PLANNING AND FACILITIES) and the construction with regard to the type of materials used for construction;
  2. THE PRESENCE OF WATER AND SMOKE DETECTORS, power supply arrangements to such devices, and testing logs;
  3. THE LOCATION OF FIRE EXTINGUISHERS, firefighting equipment and refilling date of fire extinguishers;
  4. EMERGENCY PROCEDURES, EVACUATION PLANS and marking of fire exists. There should be half-yearly Fire drill to test the preparedness;
  5. DOCUMENTS FOR COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS with regards to fire safety equipment, external inspection certificate and shortcomings pointed out by other inspectors/auditors;
  6. POWER SOURCES AND CONDUCT TESTS TO ASSURE THE QUALITY OF POWER, effectiveness of the power conditioning equipment, and generators. Also the power supply interruptions must be checked to test the effectiveness of the back-up power; 
  7. COMPLIANT LOGS AND MAINTENANCE LOGS TO ASSESS IF MTBF (Mean Time Between Failures) and MTTR (Mean Time to Repair) are within acceptable levels

6.B

A company may adopt ISO 27001 for the following reasons:
  1. It is suitable for protecting critical and sensitive information.
  2. It provides a holistic, risk-based approach to secure information and compliance.
  3. Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers.
  4. Demonstrates security status according to internationally accepted criteria.
  5. Creates a market differentiation due to prestige, image and external goodwill.
  6. If a company is certified once, it is accepted globally.

6.C

The objectives of performing BCP tests are to ensure that:
  • The recovery procedures are complete and workable.
  • The competence of personnel in their performance of recovery procedures can be evaluated.
  • There sources such as business processes, systems, personnel, facilities and data are obtainable and operational to perform recovery processes.
  • The manual recovery procedures and IT backup system/s are current and can either be operational or restored.
  • The success or failure of the business continuity training program is monitored.

The key objectives of the contingency plan should be to: 
Provide for the safety and well-being of people on the premises at the time of disaster;
Continue critical business operations;
Minimise the duration of a serious disruption to operations and resources (both information processing and other resources)
Minimise immediate damage and losses;
Establish management succession and emergency powers;
Facilitate effective co-ordination of recovery tasks;
Reduce the complexity of the recovery effort;
Identify critical lines of business and supporting functions.

7.A

Misconceptions about MIS 
(1) Any computer based information system is a MIS.
(2) Any reporting system is MIS.
(3) MIS is a management technique.
(4) MIS is a bunch of technologies.
(5) MIS is an implementation of organizational systems and procedures.
(6) It is a file structure. 
(7) The study of MIS is about use of computers.
(8) More data in generated reports refers more information to managers.
(9) Accuracy plays vital role in reporting.

7.B

a. HIGHLY SCALABLE: The resources in the public cloud are large in number and the service providers make sure that all requests are granted.

b. AFFORDABLE: The cloud is offered to the public on a pay-as-you-go basis; hence the user has to pay only for what he or she is using (using on a per-hour basis) and this does not involve any cost related to the deployment. There is no need for establishing infrastructure for setting up and maintaining the cloud.

c. HIGHLY AVAILABLE: It is highly available because anybody from any part of the world can access the public cloud with proper permission, and this is not possible in other models as geographical or other access restrictions might be there.

d. STRINGENT SLAS: As the service provider's business reputation and customer strength is totally dependent on the cloud services, they follow the SLAs strictly and violations are avoided.

e. THERE IS NO LIMIT FOR THE NUMBER OF USERS.

f. IT IS WIDELY USED IN THE DEVELOPMENT, deployment and management of enterprise applications, at affordable costs.

7.C

TROJAN HORSE: These are malicious programs that are hidden under any authorized program. 
Typically, a Trojan horse is an illicit (illegal) coding contained in a legitimate program, and causes an illegitimate action. 

The concept of Trojan is similar to bombs but a computer clock or particular circumstances do not necessarily activate it. A Trojan may:
1. Change or steal the password or 
2. May modify records in protected files or
3. May allow illicit users to use the systems. 
4. Trojan Horses hide in a host and generally do not damage the host program. Trojans cannot copy themselves to other software in the same or other systems. 
5. The Trojan may get activated only if the illicit program is called explicitly. 
6. It can be transferred to other system only if an unsuspecting user copies the Trojan program. 
7. Christmas card is a well-known example of Trojan. 
8. It was detected on internal E-mail of IBM system. On typing the word Christmas', it will draw the Christmas tree as expected, but in addition, it will send copies of similar output to all other users connected to the network.

7.D

Enterprises have to monitor the processes and practices of IT risk management by using specific metrics. Some of the key metrics are as follows:
Percentage of critical business processes, IT services and IT-enabled business programs covered by risk assessment;
Number of significant IT related incidents that were not identified in risk Assessment;
Percentage of enterprise risk assessments including IT related risks; and
Frequency of updating the risk profile based on status of assessment of risks.

7.E

  1. Recovery Testing: This is the activity of testing 'how well the application is able to recover from crashes, hardware failures and other similar problems'. Recovery testing is the forced failure of the software in a variety of ways to verify that recovery is liable to be properly performed, in actual failures.
  2. Security Testing: This is the process to determine that an Information System protects data and maintains functionality as intended or not. The six basic security concepts that need to be covered by security testing are — confidentiality, integrity, availability authentication, authorization, and non-repudiation. This testing technique also ensures the existence and proper execution of access controls in the new system.
  3. Stress or Volume Testing: Stress testing is a form of testing that is used to determine the stability of a given system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to observe the results. Stress testing may be performed by testing the application with large quantity of data during peak hours to test its performance.
  4. Performance Testing: In the computer industry, software performance testing is used to determine the speed or effectiveness of a computer, network, software program or device. This testing technique compares the new system's performance with that of similar systems using well defined benchmarks.


Comments

Post a Comment

Popular posts from this blog

ICAI Suggested Answers Links

Course Paper Suggested Answers CA Final OLD Paper – 1 : Financial Reporting https://www.icai.org/post.html?post_id=10135 CA Final OLD Paper – 2 : Strategic Financial Management https://www.icai.org/post.html?post_id=10139 CA Final OLD Paper – 3 : Advanced Auditing and Professional Ethics https://www.icai.org/post.html?post_id=10145 CA Final OLD Paper – 4 : Corporate and Allied Laws https://www.icai.org/post.html?post_id=10150 CA Final OLD Paper – 5 : Advanced Management Accounting https://www.icai.org/post.html?post_id=10158 CA Final OLD Paper – 6 : Information Systems Control and Audit https://www.icai.org/post.html?post_id=10164 CA Final OLD Paper – 7 : Direct Tax Laws https://www.icai.org/post.html?post_id=10252 CA Final OLD Paper – 8 : Indirect Tax Laws https://www.icai.org/post.html?post_id=10253 CA Final NEW Paper-1: Financial Reporting...
2 comments
Read more

Similarities between Delhi and Sikkim

 Delhi and Sikkim are although very different in terms of culture, tradition and food however both have some similarities. The first similarity is the area, both Delhi and Sikkim are small where as Sikkim ranks twenty seventh in terms of covered area and similarly Delhi ranks thirty first in terms of covered area. There is high literacy rate in Delhi and Sikkim, Delhi literacy rate is 86.21% and Sikkim's literacy rate is 82.6% which is also thirteenth in rank. Delhi and Sikkim have high human development index, Delhi ranks Fifth with 0.746 HDI and Sikkim ranks tenth with 0.716 HDI. Both Delhi and Sikkim comes in Northern portion of India and shares almost same latitude. Both Delhi and Sikkim are great heritage of culture and language hub.
Post a Comment
Read more

Suggested answers May 2018 - Advance accounting Old Course IPCC

Finally, prepared a suggested answers for all the questions except Q2 and Q4, just go through it and let me know if you have different opinion or point to solve it. 1(a) Provision to be made for warranty under AS29  Amount At 31st March 2017 = 80,000 X 2% + 50,000 X 3%           3,100 At 31st March 2018 = 50,000 X 2% + 180000 X 3%           6,400 Amount to be debited to SPL for 31st March 2018 Balance of provision required as on 31st March 2018           6,400 Less opening balance         (3,100) Amount debited to SPL           3,300 No provision for 80,000 for 31St March 2018 because  warranty has lapsed 1(b) ...
1 comment
Read more